Privacy Policy for Providers

We value your trust and are committed to protecting your practice and patient data.

1. Information We Collect

When you use CareDevi for Providers, we collect the following personal and practice information:

  • Practice Information: practice name, address, phone, specialties, provider bios, and credentials
  • Provider Personal Information: name, email, professional license numbers, and contact details
  • Patient Data (with consent): wellness metrics shared by patients who consent to share data with your practice
  • Usage Data: features used, pages visited, session duration to improve the platform
  • Billing Information: payment method details for subscription processing (processed by Stripe)

2. How We Use Provider Information

Your information is used to deliver and improve the CareDevi for Providers platform:

  • Display your practice profile to patients searching for care in the CareDevi app
  • Enable online booking, scheduling, and patient communication
  • Process payments and generate payout reports
  • Provide analytics on booking volume, patient engagement, and practice growth
  • Communicate product updates, feature releases, and account notifications
  • Comply with legal obligations, including HIPAA as a covered entity or business associate

3. HIPAA Compliance & Data Security

CareDevi is committed to protecting patient health information in compliance with HIPAA:

  • We sign Business Associate Agreements (BAAs) with provider practices where required under HIPAA
  • All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access to patient data is restricted through role-based access controls and audit logging
  • We conduct regular third-party security assessments and penetration testing
  • We maintain incident response procedures and will notify you within 72 hours of any confirmed breach
  • You are responsible for configuring appropriate access controls within your practice account

4. Patient Data & Consent

Patient data is shared with your practice only with explicit patient consent:

  • Patients must explicitly opt in to share their wellness data with your practice
  • You can only view data from patients who have consented to share with your practice
  • Patients may revoke data sharing consent at any time through the app
  • You are responsible for using patient data in accordance with HIPAA and applicable privacy laws
  • Do not use patient data for purposes beyond care coordination without additional patient consent

5. Data Sharing & Third Parties

We do not sell provider or patient data. We may share data only in these circumstances:

  • With your explicit direction, such as displaying your practice profile to patients
  • With service providers (cloud hosting, analytics, payment processing) who are contractually bound to protect data
  • When required by law, regulation, court order, or governmental authority
  • In aggregated, de-identified form for platform analytics and improvement
  • In connection with a merger, acquisition, or asset sale, subject to continued privacy protections

6. Your Rights & Data Management

As a provider, you have the following rights regarding your data:

  • Access: Request a copy of your practice and personal data
  • Correction: Update practice information, provider bios, and contact details
  • Export: Download patient engagement data and booking records
  • Deletion: Request account termination and associated practice data removal
  • Opt-Out: Manage notification preferences and marketing communications
  • To exercise these rights, contact providers@caredevi.com

7. Contact & Updates

We may update this Privacy Policy periodically. Material changes will be notified via email.

  • Privacy inquiries: privacy@caredevi.com
  • Data Protection Officer: dpo@caredevi.com
  • Provider support: providers@caredevi.com
  • Mailing address: CareDevi Inc, 5 Cowboys Way Ste 300, Frisco, TX 75034, USA
  • Continued use after changes constitutes acceptance of the updated policy

Last updated: June 2026